Dr. Pavan Duggal
Chairman International Commission on Cyber Security Law

Responsibilities of the CIO
With the coming of Covid-19, the Golden Age of Cybercrime has already arrived. In my new book entitled “New Cyber World Order Post Covid-19”,

I have argued that by the time the countries are successful against the fight of Covid-19 in terms of first and subsequent waves of infections, the world will enter into a New Cyber World Order, where cybercrime will be the new default normal, where increasing cyber security breaches will be a daily constant companion of ours.

In these newly changed ground realities concerning new cyberspace that are awaiting us, I think the role of CIOs in the companies will undergo massive transformation. From just being a Chief Information Officer, the CIO will transform itself into becoming a Chief Lifeline Officer of the company.

Data is the new oil of the data economy and therefore this data is the new building block of the new age. So everything must be done so as to protect the authenticity, veracity, security, reliability and stability of data resident on corporate networks and corporate resources. Therefore, with each passing day, the role of CIOs in companies will start getting more and more significant. They will start getting far more powerful, in terms of having much growing cloud in corporate management decisions. CIOs will become an essential element of all corporate decisions that will be taken at the management level, because issues around data will, to a large extent, govern business strategies and potential business opportunities in the coming times.

Key priorities for 2021
The key priorities for CIOs and CISOs in 2021 will be how to keep the organizations abreast with the latest onslaught of the digital format. Today, digital format has become the defacto format and with increasingly organizations Working From Home, they have to now come up with new mechanisms on how to adopt not just the electronic digital transformation processes, but also newly emerging technologies like Artificial Intelligence (AI), Internet of Things and Blockchain into the holistic corporate ecosystem.

The focus is primarily not just to enhance the experiences of customers but also to secure the authenticity and veracity of corporate data as also the cyber security of corporate networks, corporate resources and corporate systems, apart from confidential data and information resident therein.

Adopting Work-From Anywhere
CIOs need to adopt new strategies and approaches, while dealing with the Work From Home paradigm. Not only, the existing policies of corporates have to be relooked at, but more significantly, now corporates need to come up with new policies and frameworks so as to regulate the activities of employees Working From Home. Protecting the confidentiality of corporate data and companies’ trade secrets becomes a topmost priority. Also, ensuring the cyber security of corporate systems and networks which are being accessed by Work From Home devices, has assumed topmost relevance. In this regard, the Government of India has already notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

These Rules have set up a new set of compliances for CIOs and CISOs including implementing and maintaining reasonable security practices and procedures, while they engage in their day-to-day activities. So holistic overall perspectives, in terms of not just having changed and amended policies, but also effectively implementing the same apart from augmenting the technical parameters and taking the constructive advantages of newly emerging technologies have to be all adopted on a simultaneous basis by CIOs and CISOs of the respective companies, in order to protect their corporate legal and technical interests.

Redesigning IT & Security strategy
Companies need to reevaluate and revise their existing IT strategies. Security on the perimeter is no longer the relevant mantra. The relevant mantra is a holistic approach on IT security and a starting point could be ensuring compliance with the international ISO 27,001 standard on information security.

Given the Indian context and given the propensity of Indian users Working From Home to unauthorizedly copy corporate data, sell it or distribute it in any manner whatsoever without permission, the challenges for preserving the IT security of corporate assets and corporate data is indeed huge. The fact that you have had one IT security policy and you think you are done, that mindset has to evaporate. Today, IT security or cyber security is a daily evolving phenomenon. Companies will have to start adopting cyber security as a way of life, as they now come up with new approaches to deal with the new distinctive challenges thrown up by the Covid-19 paradigm.